Hackers are often able to bypass Web Application Firewall (WAF) solutions, putting many businesses at risk of downtime, data theft and reputational damage, a new report from Neustar claims.
According to the report, half of security professionals report at least a quarter of attempts to sidestep WAF are successful, while 40% said almost half of evasion attempts succeed.
Further, the report claims that almost a third of businesses (29 percent) struggle to change their WAF policies to better defend themselves from web application attacks. Just 15 percent found the process “very easy”.
Fully integrating WAF into other security functions is “critical in developing a holistic defence against a variety of attack types”, the report states, with WAF labelling almost a third (30 percent) of all network requests as false positives.
Four in ten businesses are yet to fully integrate WAF with the rest of their security functions.
For Rodney Joffe, Chairman of NISC and Senior Vice President and Fellow at Neustar, the rise in application-layer attacks is “unsettling”.
“Due to their ‘under-the-radar’ nature, application-layer attacks are difficult to detect and therefore require a security posture that is always-on in order to be identified and mitigated. Only by providing protection across the entire network can organisations respond to the type of threats we are seeing today.”
Neustar claims that DDoS attacks were the biggest worry for cybersecurity pros during March and April this year. Ransomware, as well as the theft of intellectual property, were also listed among major concerns.